If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

That isn't exactly true...if you step in and beat the **** out of the guy....he may press charges against you for doing so. The cops may be all for it, but that doesn't mean they condone it or could let you get away with it. Lamo went out and actively looked for these problems, which if you relate it to the rapist argument this could make him out to be a vigilante....which law enforcement really does not look upon very well.

In the end the yo yo that is the topic of this thread did alot of auditing of computer systems without a written contract or agreement. That is stupid, and could have got him in trouble even if he worked for the companies involved (look at the case with the guy at Intel doing password auditing without permission). Unless you have permission in writing, they can come after you. If you do it without the companies permission and without taking the proper steps for you to be covered legally...they SHOULD come after you. You could very well take out a mission critical system and cost them alot of money.

If you want to be an info sec professional, be a professional. Don't just play one on TV...

"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chshBlog of X

Heads: The internet and networks in general are not the place they were in past years. The information stored in todays networks are worth vast amounts money and store information vital to the economics and security of individuals,companies and countries. Businesses have the right to conduct their affairs in a regulated and safe environment or they cannot conduct business. This aint the Wild West anymore boys. You simply cannot infringe on the time,money and property of others and expect no represcussions legal or otherwise.

Tails: These are not just the 'homes' of individuals whose security is at risk. These are institutions both private as well as public whose information NEEDS to be protected for the safety of clients,citizens and countless others. I think if someone told you that a company/institution or otherwise, whom is entrusted with sensitve information about you, your family and countless others was accesible to anyone at anytime, and that the people to whom you entrusted this information are the very people giving it away, you would also be a little pissed off. The bearers of this information are not often as motivated to admit the truth about the security of this information as the individual at risk, for a variety of reasons most of them relating to money. A bank will never tell you your money isn't safe with them. Microsoft will never tell you they are spying on you. If you can't trust the FBI and Microsoft, who can you trust?

-Maestr0

\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

He just called techTV and announced he had talked to the authorities and decided to turn himself in. literally, just now, i saw it live on the air. anyway I for one admire him. like the article said, the hacks he did usually involved no more than a normal web browser, and he did it for all the right reasons. It would've been smart to have asked permission first, but lets face it, how many of them would have given it? I don't equate his "crimes" to breaking into someone's house, routing around, then later telling you your house has vulnerabilities, its more like walking down the street, noticing your door is wide open, and calling you to tell you to close it.

He did a lot more than ""noticing your door is wide open, and calling you to tell you to close it.""

Read the article...Here's an excerpt:

" Once inside, Lamo exploited weaknesses in the Times password policies to broaden his access, eventually browsing such disparate information as the names and Social Security numbers of the paper's employees, logs of home delivery customers' stop and start orders, instructions and computer dial-ups for stringers to file stories, lists of contacts used by the Metro and Business desks, and the "WireWatch" keywords particular reporters had selected for monitoring wire services.

He also accessed a database of 3,000 contributors to the Times op-ed page, containing such information as the social security numbers for former U.N. weapons inspector Richard Butler, Democratic operative James Carville, ex-NSA chief Bobby Inman, Nannygate veteran Zoe Baird, former secretary of state James Baker, Internet policy thinker Larry Lessig, and thespian activist Robert Redford. Entries with home telephone numbers include Lawrence Walsh, William F. Buckley Jr., Jeanne Kirkpatrick, Rush Limbaugh, Vint Cerf, Warren Beatty and former president Jimmy Carter. "

He not only "noticed your door is wide open ", he helped himself into the house, and took it upon himself to see what else you have in your house that is unsecure...rummaging through personal belongings.... then
" he told you about it"

Maestr0 made a very good point, the house analogy is poor one, it was a lot worse than breaking into a house

"these are not just the 'homes' of individuals whose security is at risk. These are institutions both private as well as public whose information NEEDS to be protected for the safety of clients,citizens and countless others"

The Lamo Files

Originally posted by: gunit
He did a lot more than ""noticing your door is wide open, and calling you to tell you to close it.""

All of the things you listed are standard proceedure once you get into a big company. He did that for effect. He did it to show the company he was hacking the expanse of what one could do in a matter of minutes - which is literally devistate and cripple the company if a malacious attacker ever found out.

Using your house-anology:
Imagine you have a house, and in this house you have a wallet and a safe with important valubles in it.
I, Adrian, would break into the front door. Big deal you say, anybody determined enough will and can do it. But my, Adrian's, point is not just breaking down the door, for you, the company, underestimate the power now invested in me.
I'll walk to your wallet, tell you how much money you have, describe your family pictures, and tell you important numbers, then i'll walk and break open your safe, and tell you that if I wanted, I could take all of this with me.

...But I, Adrian, will not take your stuff. BUT!, all hope is not lost. Here's a list of things to protect yourself. I'll work with you, if you cooperate (because I know I will) to fix and solve these problems - because if you have them, imagine how many other people have them.

I respect Adrian. I won't praise him, nor bash him, however. But people like Adrian are essential to the ongoing evolution of internet security. And besides, it makes it more fun for people like me who try (in vain) to keep up or get ahead of where Adrian is at right now.

I have to agree with gunit
At the end of the day he did not do it with all good intentions. He did it because he got off on it nothing more nothing less. So does this mean we can just break any law and say we were proving a point? Where do you draw the line?
It looks to me like he was only saying look at me aren t i cool look what i did. He may be smart but he certainly wouldn t know how a wise man feels.

I disagree with the naysayers on this one. I have followed up on Lamo since he was sleeping here and there because he knew he was being tracked and have followed techtv's coverage. I think that him turning himself in is a good thing. I also think that he did wrong (in a way). In a way I believe he was being an intelligent curious person letting these big companies know that they should fix these problems. He could have not let them know what he was doing and thieved his way around a lot of things. Some people do bad things and don't get caught. This guy was the guy telling people hey look I could do this much to your computer and here's how I do it instead of just doing it and taking what he can and going away.

Adrian Lamo, the so-called homeless hacker, surrendered Tuesday to face two federal criminal charges of electronic breaking and entering.
Lamo, 22, turned himself in at the U.S. courthouse in Sacramento, Calif., ending a five-day manhunt during which FBI agents staked out his family's home in the Sacramento suburbs and his defense attorney negotiated the surrender with federal prosecutors.